DNC Creates 'Cybersecurity Board' Without Any Cybersecurity Experts (techdirt.com) 156
An anonymous reader writes from a report via Techdirt: The Democratic National Committee has created a "cybersecurity advisory board" to improve its cybersecurity and to "prevent future attacks." Politico reports: "'To prevent future attacks and ensure that the DNC's cybersecurity capabilities are best-in-class, I am creating a Cybersecurity Advisory Board composed of distinguished experts in the field,' interim DNC Chairwoman Donna Brazile wrote in a memo. 'The Advisory Board will work closely with me and the entire DNC to ensure that the party is prepared for the grave threats it faces -- today and in the future.' Members include Rand Beers, former Department of Homeland Security acting secretary; Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter; Aneesh Chopra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor." What's surprising is that none of these members are cybersecurity experts. Techdirt reports: "If the goal of the board was to advise on cybersecurity policy, then the makeup of it is at least slightly more understandable, but that's not goal. It's to actually improve the cybersecurity of the DNC. Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible."
probably... (Score:1, Troll)
Re:probably... (Score:5, Funny)
A bunch of cannibals?
I used to know a guy who would always make reservations under the name of "Donner" because occasionally he'd then get to hear "Donner Party - your table is ready".
Re:probably... (Score:4, Funny)
A bunch of cannibals?
I used to know a guy who would always make reservations under the name of "Donner" because occasionally he'd then get to hear "Donner Party - your table is ready".
At which point he could exclaim, "It's about time, we're starving!"
Re:probably... (Score:5, Funny)
Donner, party of 8, Donner?
[pause]
Donner, party of 7, Donner?
[pause]
Donner, party of 6, Donner?
[pause]
Donner, party of 5, Donner?
etc...
Re: probably... (Score:2, Informative)
No, they usually just shoot people that leak emails.
DNC cyber security. (Score:5, Informative)
Just never write down any dirt.
See also: Bill Clinton's meeting on the tarmac. That's how serious dirt is done.
Re: (Score:2)
Re: (Score:3)
Unscheduled and unplanned. He almost got away with it, clearly they intended to do it on the sly. SOP
Re: DNC cyber security. (Score:5, Insightful)
Airport tarmacs aren't very public. He did, in fact, get away with it. No witnesses, can't prove anything.
There was no paper trail, do you believe that was a coincidence?
Re: DNC cyber security. (Score:4, Insightful)
He did, in fact, get away with it. No witnesses, can't prove anything.
There wasn't supposed to be any witnesses, but there was, which is why we know about it. NORMAL people don't try to hide their activities. However, this is Clinton, and we all know that he isn't the most trustworthy of people. That being said, there are those who are running to his defense, saying ""Can't Prove Anything" as if we were to just stop looking at something suspicious.
Had this been Trump's kids / family, it would have been all over the MSM Headlines until the election, and those same people who are defending Clinton now, would be frothing at the mouth. Such is politics, and why most NORMAL people are sick to their stomach with American Political Cronyism.
Re: (Score:1)
Which was stupid on his part. He could have done it like in the old days - just give her a call.
Maybe he wanted her to assume the intern position first.
Re: (Score:1)
See also: Bill Clinton's meeting on the tarmac. That's how serious dirt is done.
Completely out in the open where everybody can see they met and speculate on what happened?
Is this like their murder victims, where the absence of evidence is supposed to demonstrate to us the cunning of their plan?
No.
The message was, "SEE, WE'RE ABOVE THE LAW!!!"
Worked, too.
Which is why, if you vote for Hillary, you're a fucking fool - you're flushing away the rule of law all because you like the "progressive" things she says.
Re: (Score:2, Interesting)
If nothing else this election has shown how generally we're herded into voting for A or B, where A and B are carefully selected by a few power brokers. The GOP lost control of their election process, and now we have Trump taking a dump on everything Republican. This leaves us with only one realistic choice, because Bernie was railroaded out of the Democratic process.
And honestly, Bernie was the most viable candidate out of the last few realistically standing. Cruz reminds me of an angry born again cookie mo
Re: (Score:1)
Why is crime so rampant right across the border in Mexico, or in fact the overwhelming majority of South American Countries?
The US "war on drugs" is a major contributor.
Millions of dollars per month go into the hands of drug cartels, and they are typically better equipped than the police---and sometimes the military. Particularly true in Mexico.
When they expand into human trafficking and extortion because it is as profitable as drugs, well, things get bad in hurry.
Why are almost all European Socialist countries failing?
They are not. Some bad ones like Greece have problems, but well-run countries like Iceland and Norway are fine. Socialist policies neither float nor sink the ship. All
All Boards are created Equal (Score:5, Insightful)
The point of every board isn't to ever do work. It's just to head up the meetings and organize the allocation of funds to achieve the agenda.
You might want one technician but management is management. Management is just about allocating your resources to do get shit done.
Obviously nobody on the board is actually going to get their hands dirty. And boards don't do very much. They will probably meet once a quarter... by phone for an hour. Agree that the consulting firm that they hired is spending the money wisely and then go back to their real jobs.
Re: (Score:2)
An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing. Another one suggested to me when I was a teen to go study management because, well, managers will always be needed...
Isn't that a little pretentious and old school like where the boss is the boss, doesn't matter if he is right or wrong or if he knows what he is talking about.
Seems to me hard to understand how a manager can manage something he doesn't know anything about unless he has skilled techni
Fallacy of MBA management (Score:5, Interesting)
An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing. Another one suggested to me when I was a teen to go study management because, well, managers will always be needed...
Isn't that a little pretentious and old school like where the boss is the boss, doesn't matter if he is right or wrong or if he knows what he is talking about.
Seems to me hard to understand how a manager can manage something he doesn't know anything about unless he has skilled technical assistants. But how will he evaluate the skills of his assistants? I suppose if the assistants tell him what he wants to hear, it might help.
This is one of the fallacies of modern MBA-style management: management is a specific skill that's the same across all industries.
In it's worst form, it's what gets us CEOs who slash costs and show growth for the first year, then leave with a golden parachute while the company flounders.
If you study management even a little, you realize that the best managers are expert in their respective fields. This is not to say that software managers must be expert coders, but they need to have in mind the capabilities and limitations of the company products, the tools that the coders use, the current marketing trends, and some ad-hoc guesswork as to where the market is going. And also, they should at least know how to code, if not be an expert at it.
Consider: Do you think a generic manager could step in and manager a newspaper without intimate knowledge of the newspaper business? How well do you think that company would do if it actually happened?
Looking at some of Warren Buffet's writings, I note that he has people he trusts that can quickly learn the business and make informed choices that ultimately turn a company around. For example, a troubled company that supplies hardware, his people identified parts that had little profit and were available from other suppliers, as opposed to other parts that had more profit and were unique to the business. That's how he buys distressed companies and turns them around.
This is not what generic MBA-style managers do: learn the business, go into detail, and make strong decisions that benefit the company.
Looking at how GE gets vice-presidents, they always hire from within. They take a director and move him over to another department for a couple of years, and see how well he does. Then they move him again, and in a couple of years move him again. Over time, the directors become very well informed about how the business actually works, and anyone who isn't flexible enough to learn and do well in the business gets weeded out.
GE executives are some of the best managers in the world.
I've worked with a lot of "plug-in" managers who never seem to know where to go or what to do. They take the opinions of their staff as gospel without adding their own expertise, and serve as a simple buffer between the workers and upper management.
Re: (Score:2)
If you study management even a little, you realize that the best managers are expert in their respective fields.
Did you visit the link I provided? The guy fits the bill and he was indeed a project manager. Of course I agree with what you wrote. I manage stuff that I know about. My head isn't inflated enough to pretend I can manage everything.
I've worked with a lot of "plug-in" managers who never seem to know where to go or what to do. They take the opinions of their staff as gospel without adding their own expertise, and serve as a simple buffer between the workers and upper management.
I like to say that those are just overhead.
No, sorry. (Score:2)
Did you visit the link I provided? The guy fits the bill and he was indeed a project manager. Of course I agree with what you wrote. I manage stuff that I know about. My head isn't inflated enough to pretend I can manage everything.
Actually, I didn't. I honestly thought it was part of your sig, and didn't think it was relevant to your text. Sorry about that.
Maybe weave the link as part of text as a reference to a position, or refer to it in the text?
Re: (Score:2)
If you study management even a little, you realize that the best managers are expert in their respective fields. This is not to say that software managers must be expert coders, but they need to have in mind the capabilities and limitations of the company products, the tools that the coders use, the current marketing trends, and some ad-hoc guesswork as to where the market is going.
The converse is also true, the best managers need to be really good at management.
I don't mind this cybersecurity board, they don't have the talent to personally implement great cybersecurity, but they have the knowledge to find and evaluate the people who can. (As well as figure out all the important laws and regulations, something a certain Secretary of State could have used).
Re: (Score:2)
Do you think a generic manager could step in and manager a newspaper without intimate knowledge of the newspaper business? How well do you think that company would do if it actually happened?
Depends on the manager. A good manager can manage outside their expertise.
When I was in college, I tutored people. In one case, someone came to me for tutoring in a subject I didn't know anything about. I was able to successfully tutor them, with no knowledge in the field. Of course, in the process of tutoring, I learned lots, but walking someone through the work, asking them to think about the problem, and explain the process to get the answer is the same across most academic subjects. Actually teach
Re: (Score:3)
Of course, in the process of tutoring, I learned lots,
That's the key point, being able to learn fast and adapt. But then again, doesn't this apply to any activity field and is this in any way specific to management?
Someone could manage outside their expertise, but it'll be harder.
Yep, because you would have to learn quickly to be efficient.
Re: (Score:2)
I've had good Managers, bad managers, expert Managers ,and non-expert managers. There is a VENN diagram of intersections out there somewhere. The problem is, that like most things in life, there aren't absolutes.
Good Managers: ... They actually are good at direction, and making decisions. These are the people who point the way; give direction and then get out of the way. They make key decisions based on the available information and their best effort. They aren't always right, and they take ownership (and l
Re: (Score:2)
The CEO of my wife's previous company which is the major business newspaper of Norway has no actual understanding of how a newspaper works. He buys stuff, mortgages stuff, he basically just talks to the board and plays golf and buys stuff. He remains successful primarily by buying other media which has a sub
Re: (Score:2)
There are many types of managers. At a high level what's really important are people who understand the logistics of getting stuff done. The MBA part really doesn't apply to most managers. Then there are the low level grunt managers - project managers who get dumped on by everyone else, given the worst projects with no authority. Product managers who don't understand products because they're really salespeople. Middle managers who used to be smaller managers but now are in a holding pattern waiting fo
Re: (Score:1)
This is one of the fallacies of modern MBA-style management: management is a specific skill that's the same across all industries.
In it's worst form, it's what gets us CEOs who slash costs and show growth for the first year, then leave with a golden parachute while the company flounders.
An MBA without requisite skills in the field you're managing means you're nothing more than a modern pirate looting the ship.
Re: (Score:2)
The problem is that there are two parts here:
1) Management is a separate skill, and you need to be skilled at it to be a good manager.
2) Management of a particular area requires knowing the area.
So. In principle a good manager can manage anything...but if he doesn't already know the area it's going to take him a long time to get to know it. Upper management probably *IS* nearly the same everywhere. Everywhere they go they're managing managers who are managing managers. As you get "nearer to the metal"
Re: (Score:2)
Upper management probably *IS* nearly the same everywhere. Everywhere they go they're managing managers who are managing managers.
That's one way of seeing it. OTOH at that level they're also responsible for long term strategy. The stuff that determines if you're even there as a large company 3-5-10-15 years from now (depending on the field). And that's not easy (in fact its so difficult that most don't do it) and turning around a ship that size isn't easy either, so you have to stay ahead of the game.
So I'm not sure. I think that even at that level you have to know the business. Now, is that 90% of the work? No, it's more like 2%. The
Re: (Score:2)
Upper management may be responsible for strategy, but they shouldn't be the strategist. They should know and be able to evaluate the strategist. The strategist DOES need to know the subject area well...as well as the lowest level of manager, and over a much wider area of what the company does. It shouldn't be a part time job of someone who also manages the company.
Now clearly, everything I've said only applies if there are multiple layers of management. And the important part is how far is top managemen
Re: (Score:1)
... , and serve as a simple buffer between the workers and upper management.
If all they did was be a buffer between the workers and "upper", that would be very important. It might be enough to justify their job. I have been caught there and I did not like it much.
As long as there were other people that could do the tech leading...
Re: (Score:1)
I agree with it to a certain extent. I think a good manager can probably manage most kinds of organizations, without any specialization. By the same token, it isn't always the case that someone that works up through a specific industry will be able to manage a company within that industry. There's no hard fast rule. As much as anything what counts as far as a good leader goes isn't specific expertise in the areas of business activity he may be put in charge of, but rather he quickly recognizes the people wi
Re: (Score:2)
I think a good manager can probably manage most kinds of organizations, without any specialization. By the same token, it isn't always the case that someone that works up through a specific industry will be able to manage a company within that industry.
Your statement would be true if and only if there are similar or the same features/aspects of work in those organization because similar rules can be applied (similar management style). If each organization has its own unique aspects to deal with, regardless how good a manager is, he or she will need to learn about the organization first. However, a good manager should be able to learn and adapt to the job faster than average.
Re: (Score:2)
You're right. He cannot manage something he doesn't understand. He only thinks he can, and as long as he has people under him that know what they're doing, unlike him, who can compensate for his ineptitude, it will look like he actually can.
Problem is that in 9 out of 10 times the people under him would actually be better off without him.
Re: (Score:2)
He cannot manage something he doesn't understand.
I disagree, but only to a point. If the person knows they don't know shit, and admits it (humility), can be successful. It is the people who know nothing, but think they are god because their MBA from Prestigious University tells them so, that are dangerous. IMHO a piece of paper is only as good as the first job out of school, though there are those that think it is worth more than this.
Re: (Score:2)
Show me one humble manager and I show you a manager that forgot to take his morning line of coke.
Re: (Score:2)
One should always go study work, but because workers will always be needed.
Re: (Score:2)
An acquaintance who is a manager once told me that he can manage anything because, well, managing is managing.
I think successful managers have an esoteric skill set that can transcend their own lack of technical or industry specific knowledge, but the greater the deviation from their specific knowledge the more dependent they are on experts in the organization to interpret technical knowledge (wither it's IT technical knowledge or just specialist knowledge).
However, I think there's a corollary there where managers who have the technical knowledge can manage poorly because they lack esoteric skills, and they're pron
Re: (Score:2)
seems to me hard to understand how a manager can manage something he doesn't know anything about
It isn't hard to understand. In fact, there is a whole cartoon series dedicated to exactly this.
http://www.dilbert.com/ [dilbert.com]
Re: (Score:2)
What real jobs? They actually do something useful?
Re: (Score:2)
And that's useful ... in what way exactly? Basically these people are superfluous and if capitalism worked they'd have been eliminated a long time ago.
Business as usual (Score:2)
Re: (Score:2)
What a C-level job includes and what qualification someone has who does it are sometimes surprisingly different...
It all depends on the reason why he got the job. If his last name is suspiciously similar to a director's, you might consider not relying on his expertise.
Re: (Score:2)
Often they are politically connected and the top position is a thank you for years of party political support not any useful real world skill set a top diploma would be expected to have.
Why would "computer" related gov work be any different?
Re: (Score:2)
Political officials setting themselves up to regulate things they have zero background knowledge in? Sounds like business as usual to me.
If this is "business as usual", then they shouldn't expect the end result to be any different than before.
Security only works if you get past the political bullshit step of talking about it.
Re: (Score:2)
They probably don't really expect any different results, but they have done something about it and they didn't burden the process with people who would actually be so insane to actually want to DO anything.
I.e. Mission Accomplished.
Not that surprising (Score:1)
Many chiefs. No tribal members.
Look, there are two ways to look at cybersecurity:
1. Most unauthorized access is through social engineering. It can be fixed with training and fewer gullible people. Translation: this is a massive back door that will never be fixed, as those at the top are the worst offenders. And they never follow instructions.
2. Most methods of providing cyber security involve fixing known prior methods of attack. Polymorphous self-adapting viral code with bootstrap load into the kernel was
Re: (Score:3)
Apparently, you don't know too much about designing/administering computer systems security.
Computer security is more than keeping a system secure from outside attacks. The two results you do not wish to occur in a "breach" is exposure of confidential information, and permanent data loss (sabotage). These forms of security breaches can occur from the "inside".
Another consideration in designing security in computer systems is workflow. There are a ton of ways to make a set of computers secure, but sometim
Re: (Score:2)
1. Most unauthorized access is through social engineering.
Are you suggesting that the russians phone-phished the DNC email server password? Wouldn't the accent give them away?
Re: (Score:2)
Wouldn't the accent give them away?
No one would ever complain for fear of being accused of racial profiling.
Typical political do-nothing bullshit (Score:3)
And the politicoes are all stumped as to why people are angry at them and screaming for real change, to the point where people will actually vote for an asshat like Trump...
Re: (Score:3, Insightful)
Actually doing things eventually leads to racisim. The only thing left is to remain motionless and receive your white privilege lectures.
Re: (Score:2)
But I consider that rape.
Re: (Score:2)
That only matters if you're not a white, straight guy.
Made in the USA (Score:2)
And the politicoes are all stumped as to why people are angry at them and screaming for real change, to the point where people will actually vote for an asshat like Trump...
Given Clinton's recent hiring practices [foxnews.com] and campaign staff [washingtontimes.com], maybe we should just be happy that she hired Americans and leave it at that.
Re: (Score:2)
Yeah, she did, and look at what duds she chose.
See? We NEED more H1Bs!
A prediction (Score:1)
The hiring choices outlined by this article are going to lead to another article at some point in the future, to which I will feel compelled to once again post the comment: "Should have hired me instead, assholes!"
Political elites (Score:4, Informative)
Re:Political elites (Score:4, Insightful)
Just the political elites doing what they do irrespective of the skill set of people they are employing. People keep banging on about corruption in some third world nation when corruption is well and truly alive in your back yard.
Actually, this is not a political elite mindset thing, it is a government mindset thing.
About 10 years ago or so I attended a government information assurance (they didn't call it cybersecurity back then) conference. The keynote speaker was a technical high up (maybe CIO, maybe CTO) of one of the three letter agencies. He said to an auditorium full of government information assurance managers something to the effect of, "the federal government is the only large organization that will regularly take people with no technical education, no technical training, and no technical knowledge/experience and put them into the inherently technical role of being responsible for securing information systems." You could hear a pin drop.
The point is that this sort of thing has been going on forever in the government (a campaign functions in nearly the same way as the government in many respects) for a long time. It makes sense why the government gets hit with so many data breaches. In fact, it was always surprising to me that it didn't happen more often.
Re: (Score:2)
Not really. It is politicos staffing their board with people that won't step on their crank like Trump. Every two-bit security expert will bring a load of stupid political sensitivities to a job like that. Rather, it makes more sense to hire people who know how politics works and then let them hire the security experts to fix what they see as broken. All the problems are not necessarily technical. This forum is a typical example of what leads to disasters, everyone fancies themselves as technoslaves and hen
Re: (Score:2)
Who are these people who are banging on about corruption in some third world country? Can I get a citation, please? We've got plenty of corruption in the Democratic Party, and every time it gets brought up the topic is changed to the Russians.
To quote an anonymous coward:
You've got plenty of corruption in both parties and in government in general. Stop being so bloody partisan. The problem is broad and wide-spread.
Sounds typical (Score:3)
On second thought, erase the word "technical" from that paragraph.
Re: (Score:2)
Pretty much. This is nothing more than political posturing and theatrics designed to pad the resumes of these board members with cybersecurity "experience" that they can cite to the equally ignorant Senators who will preside over their eventual confirmation hearings.
Re: (Score:2)
According to NASA (Score:2)
This is the hottest cybersecurity board on record.
or failing that... (Score:2)
Even if the goal were just policy, having someone with actual technology experience with cybersecurity would be sensible."
... or failing that an 8 year old child.
Democrat party leaders show their competence (Score:4, Interesting)
Don'tcha just feel good knowing how well Hillary will be keeping the nation secure when you cast that ballot?
Re: (Score:2)
Re: (Score:2)
Hey, we're getting Mexico to pay for the wall. Its still a bargain. /s
Headline next week... (Score:3)
"DNC emails leaked regarding insiders' placements on DNC Cybersecurity Advisory Board. The DNCCAB releases statement, 'It depends on your definition of hacking.' Nude photos of Clinton found among the leak which boost her in polls by 75%. Trump tried to counter by leaking his own sex tape, but the effort tanked because no one wanted to hear him dirty talk Chris Christy."
... if any of the above headline becomes true, the terrorists have won
Re: (Score:2)
Trump tried to counter by leaking his own sex tape, but the effort tanked because no one wanted to hear him dirty talk Chris Christy."
I would love to see the word gymnastic necessary from his spokesmen and supporters about how that shows how strong a leader he would be for this country.
How about an ethics board? (Score:2)
Or a personal responsibility board? Of course they don't need any actual cybersecurity experts, this is only to distract from the fact that they broke the rules by pointing the finger at someone else. They don't need this board to do anything, it's just for the press release
Typical (Score:2)
It's telling (Score:1)
The addition of lawyers to a bunch of C-level managers is very telling. This group will advise others what policies can and can't be implemented, who in turn will advise others what mechanisms can and can't be installed, who in turn will tell somebody to make the bloody (security) thing work.
Politicians doing what politicians do (Score:1)
Politicians, regardless of political party, will always perform their duties as politicians so it is no surprise that they create rules committees and advisory boards and fill the positions with politicians. It's what they do. Much of the time it's just for show to make it appear like they are doing something and that they "care" about the topic or crisis at hand. The advisory board will hold meetings, travel around the country to investigate things, make speeches and ultimately release a statement filled w
Yes, but these are lawyers, what more do you need? (Score:3)
See? They only need lawyers.
Surprise (Score:3)
What's surprising is that none of these members are cybersecurity experts.
Not surprising to me. The DNC and their members create economic policies with no understanding of economics. They put people in charge of justice with no understanding of justice. They put people in charge of foreign policy who are incompetent in dealing with foreign policy issues.
So this is just what they do - meddle in things they know nothing about.
Tying to solve the impossible. (Score:1)
Does Not Compute (Score:1)
Change definition of DNC to Does Not Compute.
OH YEAH?!?! (Score:1)
I guess the democrats couldn't let Trump have the upper hand having an economic board with no economists.
Results don't matter (Score:2)
Only intentions are important in the DNC. And then there's the whole "experience" issue. If we're supposed to vote for Hillary because she has experience, this blows that out of the water. But then again, it doesn't matter, results don't matter, as long as they are in charge.
Maybe the article didn't make it very clear... (Score:1)
Damage control (Score:2)
DNC's response to security risk... (Score:2)
..., lawyer up.
Too critical. (Score:1)
Just look at the impressive people they hired! Wouldn't you be scared if you were a hacker?
All it is about anymore. Appearances. No substance.
Real experts won't use the word "cyber" (Score:1)
At least, I never hear the word used in association with securing data, networks, servers, etc. But maybe the companies I work for are all weird or something?
Typical government carap... (Score:1)
HEAR THIS: It is IMPERATIVE that fully qualified people need to run regulatory, or ANY other, agencies.
Non-qualified persons in a job ALWAYS make matters worse. Period.
Just because you are an activist does NOT make you qualified! You are likely just looking for a bandwagon to jump on. GET THE FACTS, PLEASE!
Algore to the rescue (Score:2)
Why don't they hire Algore - the man who invented the Internet to head this group? He'd have 2 great things going for him: